{"id":24702969,"url":"https://github.com/richlamdev/ansible-desktop-ubuntu","last_synced_at":"2025-10-09T09:30:32.464Z","repository":{"id":44439881,"uuid":"259836693","full_name":"richlamdev/ansible-desktop-ubuntu","owner":"richlamdev","description":"Ansible playbook with roles for Ubuntu desktop deployment","archived":false,"fork":false,"pushed_at":"2025-01-18T05:29:55.000Z","size":474,"stargazers_count":6,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-01-18T06:22:17.886Z","etag":null,"topics":["ansible","automation","bashrc","configuration-management","desktop","developer-experience","development-environment","development-tools","devx","linux","software-deployment","ubuntu","vim","vim-plugin","vim-plugins","vimrc","vimrc-settings"],"latest_commit_sha":null,"homepage":"","language":"Vim Script","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/richlamdev.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-04-29T05:52:17.000Z","updated_at":"2025-01-18T05:29:57.000Z","dependencies_parsed_at":"2024-07-14T01:23:45.557Z","dependency_job_id":"555ad41f-322f-472d-90b6-15858c2fabf2","html_url":"https://github.com/richlamdev/ansible-desktop-ubuntu","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/richlamdev%2Fansible-desktop-ubuntu","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/richlamdev%2Fansible-desktop-ubuntu/tags","releases_url":"htt
ps://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/richlamdev%2Fansible-desktop-ubuntu/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/richlamdev%2Fansible-desktop-ubuntu/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/richlamdev","download_url":"https://codeload.github.com/richlamdev/ansible-desktop-ubuntu/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":235807614,"owners_count":19047987,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","automation","bashrc","configuration-management","desktop","developer-experience","development-environment","development-tools","devx","linux","software-deployment","ubuntu","vim","vim-plugin","vim-plugins","vimrc","vimrc-settings"],"created_at":"2025-01-27T05:51:42.724Z","updated_at":"2025-10-09T09:30:32.451Z","avatar_url":"https://github.com/richlamdev.png","language":"Vim Script","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Ansible Playbook for configuring Ubuntu Desktop\n\n## Introduction\n\nThis is a collection of roles and configurations I use for my Ubuntu\ndesktop/laptop deployment.\n\nThis Playbook is designed and tested for Ubuntu 24.04 LTS.  
This playbook may\nnot work on older versions of Ubuntu without modification.\n\n\n## Requirements\n\n1) Basic knowledge of Ansible\n\n2) Ubuntu 24.04 (may work on other apt-based distros with modification)\n\n3) Software: ansible, git, openssh-server, vim-gtk3 (vim or vim-gtk3 is not\nstrictly required, but is required if the vim role is executed)\n\n4) Ensure ansible community modules are installed. See below for instructions.\n\n\n## Instructions\n\n*This assumes a new/fresh installation and the execution of this playbook\nis on the target machine (localhost).  Of course, this playbook can be executed\nagainst a remote host, if needed.  This also assumes the user indicated\nbelow by \\\u003cusername\\\u003e belongs to the sudo group.  Additionally, this assumes\nthe user's primary group on the host and target machine(s) are the same.*\n\n1. Install required software for this playbook.\\\n`sudo apt update \u0026\u0026 sudo apt install ansible git openssh-server vim-gtk3 -y`\\\n`ansible-galaxy collection install community.general`\n\n2. Clone ansible-desktop-ubuntu repo.\\\n`git clone https://github.com/richlamdev/ansible-desktop-ubuntu.git`\n\n3. Generate SSH key pair for localhost.\\\n`cd ansible-desktop-ubuntu/scripts`\n\nThe following script will generate a new SSH key pair for localhost and copy\nthe public key to ~/.ssh/authorized_keys.  This will allow authentication\nvia SSH key.\\\n`./gen_ssh_keys.sh`\n\nAlternatively, if password authentication is preferred, install sshpass.\\\n`sudo apt install sshpass`\n\n***Limit use of sshpass to setup only, due to potential security issues.***\n\nNote: /role/base/tasks/ssh.yml updates the sshd configuration indirectly,\nthrough a configuration file placed in /etc/ssh/sshd_config.d/.  This disables\nSSH password authentication, making SSH key-based authentication\na hard requirement.\n\n4. Amend inventory file if needed, default target is localhost.\n\n5. 
Amend main.yml file for roles (software) desired.\n\n* The majority of third-party packages are separated into roles; this was\nset up to allow convenient inclusion/exclusion of roles as needed by\ncommenting/uncommenting roles in main.yml at the root level of the repo.\n\n6. To run the playbook use the following command:\\\n`ansible-playbook main.yml -bKu \u003cusername\u003e --private-key ~/.ssh/\u003cssh-key\u003e`\n  * enter SUDO password. (assumes user is a member of the sudo user group)\n\nTo run the playbook via local connection, use the following command:\\\n`ansible-playbook main.yml -K -c local`\n  * enter SUDO password. (assumes user is a member of the sudo user group)\n\nTo run the playbook using SSH password authentication, use the following\ncommand:\\\n`ansible-playbook main.yml -bkKu \u003cusername\u003e`\n  * enter SSH password\n  * enter SUDO password. (assumes user is a member of the sudo user group)\n\n7. Where privilege escalation is not required, the packages or configuration is\ninstalled on the target host(s) in the context of \\\u003cusername\\\u003e indicated.\n\n\n## Role Information\n\nThe majority of roles are self-explanatory in terms of what they install.\n\nAdditional information for the following roles:\n\n* apt-sources-ubc\n  * adds University of BC (UBC) as primary apt source\n  * default apt source is fallback apt source\n  * this is a personal preference for me\n  * find your fastest/closest mirror [here](https://launchpad.net/ubuntu/+archivemirrors)\n\n* auto-update\n  * force dpkg to accept default settings during updates\n  * add cron to run apt update and dist-upgrade daily\n  * add cron to run snap update daily\n  * technically there are built-in methods to run apt and snap update daily\n    (unattended-upgrades), however, none of those methods seem to work.\n    * see below testing of role unattended-upgrade-override\n    This primitive implementation achieves a similar effect.\n  * This role is for any 
desktop/laptop that operates 24/7.\n  * There is a basic script (check_reboot.sh) to check if a reboot is required,\n    which is scheduled to run daily at 0400hrs (checks for presence of\n    /var/run/reboot-required)\n\n* unattended-upgrade-override\n  * attempt to make unattended-upgrades work similar to\n    `sudo apt update \u0026\u0026 sudo apt dist-upgrade -y`\n  * not fully tested; once confirmed auto-update will be deleted\n\n* aws\n  * installs [AWS CLI v2](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html)\n    and [AWS SAM CLI](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-sam-cli-install.html) via zip archive from aws\n  * the majority of this role ignores changes; it's not truly idempotent,\n    due to not using a built-in ansible module to handle installation\n  * refer to System Updates section for manual (script) updating\n\n* base\n  * packages.yml - list of packages to install via apt\n  * keychron.yml - enables keychron keyboard shortcuts\n  * autostart.yml - enables autostart of applications\n  * ssh.yml - configures ssh server \u0026 client; disables password authentication\n  * ufw - disables incoming ports, except port 22 (limit) from 192.168.0.0/16\n\n* dev-tools\n  * list of development packages to install via apt and pipx\n    * some of the development packages are installed using pipx where possible\n      due to [PEP 668](https://peps.python.org/pep-0668/)\n    * primarily installs pipx binary packages for coding/development\n       * [bandit](https://github.com/PyCQA/bandit)\n       * [black](https://github.com/psf/black) (needed for VIM ALE plugin)\n       * [flake8](https://github.com/PyCQA/flake8) (needed for VIM ALE plugin)\n       * [glances](https://github.com/nicolargo/glances)\n       * [mypy](https://github.com/python/mypy)\n       * [pre-commit](https://github.com/pre-commit/pre-commit)\n       * [pytest](https://github.com/pytest-dev/pytest)\n       * 
[ruff](https://github.com/astral-sh/ruff) (needed for VIM ALE plugin)\n       * [uv](https://github.com/astral-sh/uv)\n       * [yamllint](https://github.com/adrienverge/yamllint) (needed for VIM ALE plugin)\n       * [yamlfmt](https://github.com/google/yamlfmt) (needed for VIM ALE plugin)\n\n   * Installs [pyenv](https://github.com/pyenv/pyenv) using the official installer script.\n       * Downloads the `pyenv.run` installer script into the user’s home directory.\n       * Executes the installer to create the `~/.pyenv` directory.\n       * Removes the installer script after installation for cleanliness.\n       * Adds environment variables to `~/.bashrc` through the `env` role\n         via pyenv.sh file that is read from $HOME/.bashrc.d/:\n         ```bash\n         export PYENV_ROOT=\"$HOME/.pyenv\"\n         [[ -d $PYENV_ROOT/bin ]] \u0026\u0026 export PATH=\"$PYENV_ROOT/bin:$PATH\"\n         eval \"$(pyenv init - bash)\"\n         ```\n       * To install a Python version, use the `pyenv install` command or\n       * To compile and install an optimized version of Python, execute\n         `scripts/install_optimized_pyenv_latest.sh` - be aware that this\n         script will take a long time to complete.\n\n* disable-local-dns\n  * disables local dns on the target host\n    (again this is a personal preference, as my network DNS server handles\n    DNS lookup and filtering)\n  * this role is executed last, as a dns service restart is required; the\n    restart will take too long and cause the following playbook role(s) to fail\n    (a delay could be added, but that adds unnecessary execution time for the\n    playbook)\n\n*NB: install either docker-cli-only OR docker-desktop depending on your\nrequirements*\n\n* docker-cli-only\n  * installs all docker engine requirements for CLI use only.  
You may\n    experience conflicts if you install docker-desktop as well.\n  * installs the following:\n    * docker-ce-cli\n    * containerd.io\n    * docker-compose\n    * docker-compose-plugin\n  * creates docker group and adds the current user to it\n\n* docker-desktop-dependency\n  * installs docker-ce-cli (required for Docker Desktop)\n  * creates docker group and adds the current user to it\n  * install [docker-desktop](https://docs.docker.com/desktop/install/linux-install/) for remainder of local docker setup\n  * NOTE: At the time of this writing, Docker is not yet officially supported\n          on Ubuntu 24.04 LTS.  Follow the instructions under the\n          [prerequisites section](https://docs.docker.com/desktop/install/ubuntu/#prerequisites)\n\n      Short version, either execute this on each reboot, before executing\n      Docker Desktop\n      `sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0`\n      or edit (create) this file /etc/sysctl.d/99-docker.conf\n      `echo \"kernel.apparmor_restrict_unprivileged_userns=0\" | sudo tee /etc/sysctl.d/99-docker.conf`\n\n      Apply the change immediately by executing `sudo sysctl --system` or reboot\n\n  * The kernel.apparmor_restrict_unprivileged_userns=0 setting is now applied\n    with the docker role\n\n  * Additional references:\n    * [Github Issue #209](https://github.com/docker/desktop-linux/issues/209)\n    * [reddit thread](https://www.reddit.com/r/docker/comments/1c9rzxz/cannot_get_docker_desktop_to_start_on_ubuntu_2404/)\n    * [restricted unprivileged user namespace](https://ubuntu.com/blog/ubuntu-23-10-restricted-unprivileged-user-namespaces)\n\n* env\n  * sets up personal preferences for bash shell\n    * configures .bashrc to read all shell scripts from /home/{USER}/.bashrc.d/\n      to set environment\n  * fzf is required for [fzf.vim](https://github.com/junegunn/fzf.vim)\n  * .bashrc - bash function `se` is for fast directory navigation at the CLI\n    refer to [fzf 
explorer](https://thevaluable.dev/practical-guide-fzf-example/)\n    (this is slightly different from the built in alt-c command provided with fzf)\n  * refer to System Updates section for manual (script) updating of fzf\n  * adds modular gitconfig configuration to separate public vs sensitive git\n    information\n      * adds .gitconfig-private-example to $HOME\n        * change contents to include your user name and email and rename this\n          file to .gitconfig-private\n\n* vim\n  * installs customization only, does not install vim\n    * compile and install vim with this [script](https://github.com/richlamdev/vim-compile)\n    * Note: Vim \u003e9.0 is required for codeium plugin below, at the time of the\n    writing of this playbook, Vim 9.x was not available in the official Ubuntu\n    repos\n\n  * if codeium is not needed, disable codeium in the status line within .vimrc\n    that is deployed with this role:\n    * comment out this line\n\n    ```set statusline+=\\{…\\}%3{codeium#GetStatusString()}  \" codeium status```\n\n      If this is not disabled before codeium.vim is uninstalled, vim will freeze\n      on startup.  
(you'll have to edit .vimrc with an alternative editor, and/\n      or disable loading of .vimrc then comment the above line indicated)\n    * remove codeium.vim from $HOME/.vim/pack:\n    ```rm -rf ~/.vim/pack/Exafunction```\n\n  * installs following plugins:\n    * [ALE](https://github.com/dense-analysis/ale)\n    * [codeium](https://github.com/Exafunction/codeium.vim)\n    * [fzf.vim](https://github.com/junegunn/fzf.vim)\n    * ~~[Github copilot](https://github.com/github/copilot.vim)~~ (use codeium)\n    * [hashivim](https://github.com/hashivim/vim-terraform)\n    * [indentLine](https://github.com/Yggdroot/indentLine)\n    * [monokai colorscheme](https://github.com/sickill/vim-monokai)\n    * [nerdtree](https://github.com/preservim/nerdtree)\n    * [tagbar](https://github.com/preservim/tagbar)\n    * [vim-commentary](https://github.com/tpope/vim-commentary)\n    * [vim-unimpaired](https://github.com/tpope/vim-unimpaired)\n    * [vimwiki](https://github.com/vimwiki/vimwiki)\n    * [personal/custom .vimrc](https://github.com/richlamdev/ansible-desktop-ubuntu/blob/master/roles/vim/files/.vimrc)\n\n\n## System Updates\n\nThe commands used to keep your system up to date are:\n\n1. `sudo apt update \u0026\u0026 sudo apt upgrade -y`\n2. `sudo apt autoremove -y` (not really an update, but removes old packages)\n3. `sudo snap refresh`*\n4. `pipx upgrade-all`\n\n*while snap package management is controversial - tradeoff of manual updates\nand convenience...\n\nUpgrade specific packages, not upgraded via apt or snap:\n\n1. execute `scripts/aws_upgrade.sh`\n2. execute `scripts/fzf_upgrade.sh`\n   (alternatively delete the ~/.fzf folder and re-run ansible)\n3. If Docker Desktop is installed:  
Start Docker Desktop, click \"Settings\",\n   then \"Software updates\", then \"Check for updates\", then Download and install\n   updated Docker Desktop.\n   `sudo apt update \u0026\u0026 sudo apt install ./docker-desktop-\u003cversion\u003e-\u003carch\u003e.deb`\n\n\n## Idempotency\n\nThe majority of this playbook is idempotent.  Use of the Ansible shell or\ncommand modules is minimal.\n\nAWS CLI, AWS SAM CLI, and fzf are not idempotent.\nWhile fzf could be installed and maintained via apt, I prefer to update fzf\nmore frequently and therefore perform the upgrades manually (by script).\nRefer to above System Updates section for updates beyond package management.\n\n\n## Scripts\n\n1. gen_ssh_keys.sh - generates a new SSH key pair for localhost and copies\nthe public key to ~/.ssh/authorized_keys.\n\n2. desktop-setup.sh - restore dconf settings.\n  - this script essentially saves/loads desktop settings using dconf, things\n    like terminal settings, icons, keyboard shortcuts etc.\n  - this could be configured via ansible, but this way is quick and easy,\n    and I just haven't gotten around to porting it to ansible\n  - `./desktop-setup.sh save` - save current dconf settings to dconf-settings.ini\n  - `./desktop-setup.sh load` - load current dconf settings from dconf-settings.ini\n\n3. check_ssh_auth.sh - checks for SSH authentication methods against a host\nEg: `./check_ssh_auth.sh localhost`\n\n\n## Random Notes, General Information \u0026 Considerations\n\n1. For further information regarding command line switches and arguments above,\nplease see the [Ansible documentation](https://docs.ansible.com/ansible/latest/cli/ansible-playbook.html),\nalternatively read my [ansible-misc github repo](https://github.com/richlamdev/ansible-misc.git)\n\n2. Review the base role for potential unwanted software installation/\nconfiguration.  The majority of the software within the base role is software\navailable via the default apt repositories.  
Other software are some git repos,\nkeychron keyboard setup, and screen blanking short-cut key enablement.\nFurthermore the roles env and vim are personal preferences.\n\n3. Appropriate GPG keys are added to /usr/share/keyrings/ folder for third\nparty apt packages, and referenced within repos, per deprecation of apt-key as\nof Ubuntu 22.04.\n\n4. The organization of this ansible repo has become a little messier than\npreferred.  TODO: Clean it up to be more organized / readable / reusable.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frichlamdev%2Fansible-desktop-ubuntu","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frichlamdev%2Fansible-desktop-ubuntu","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frichlamdev%2Fansible-desktop-ubuntu/lists"}